Difference between revisions of "Skipfish"

From OnnoWiki
Jump to navigation Jump to search
Line 9: Line 9:
  
 
==Attack==
 
==Attack==
 +
 +
Attack
  
  
 
  skipfish –o (output location) –W (location of wordlist) (target website)
 
  skipfish –o (output location) –W (location of wordlist) (target website)
 
 
 
  skipfish -o output http://192.168.0.97/guestbook/
 
  skipfish -o output http://192.168.0.97/guestbook/
  
Line 54: Line 54:
 
  [+] Report saved to 'skipfish/index.html' [0x5cc6919f].
 
  [+] Report saved to 'skipfish/index.html' [0x5cc6919f].
 
  [+] This was a great day for science!
 
  [+] This was a great day for science!
 +
 +
 +
==Web Output==
 +
 +
Hasilnya bisa dilihat di web
 +
 +
file:///outoutdirectory/index.html
 +
 +
Contoh:
 +
 +
[[File:Screenshot from 2018-06-05 17-28-40.png|center|200px|thumb]]
 +
 +
atau lebih detail
 +
 +
[[File:Screenshot from 2018-06-05 17-31-17.png|center|200px|thumb]]

Revision as of 17:32, 5 June 2018

Skipfish adalah tool pengintai keamanan aplikasi web. Skipfish menyiapkan sebuah sitemap interaktif akan target menggunakan penjelajah rekursif dan probe berbasis kamus. Peta yang dihasilkan menyediakan output setelah di scan oleh pemeriksaan keamanan.

Skipfish dapat ditemukan di bawah Aplikasi Web | Pemindai Kerentanan Web sebagai skipfish. Ketika Anda pertama kali membuka Skipfish, jendela Terminal akan muncul perintah Skipfish. Skipfish dapat menggunakan kamus built-in atau customizable untuk penilaian kerentanan.


Run

skipfish -h

Attack

Attack


skipfish –o (output location) –W (location of wordlist) (target website)
skipfish -o output http://192.168.0.97/guestbook/


Hasilnya kira-kira

skipfish version 2.10b by lcamtuf@google.com

  - 192.168.0.97 -

Scan statistics:

      Scan time : 0:32:16.857
  HTTP requests : 35831 (18.5/s), 770572 kB in, 7878 kB out (401.9 kB/s)  
    Compression : 757803 kB in, 7860572 kB out (82.4% gain)    
    HTTP faults : 0 net errors, 0 proto errors, 0 retried, 0 drops
 TCP handshakes : 367 total (97.6 req/conn)   
     TCP faults : 0 failures, 0 timeouts, 5 purged
 External links : 10 skipped
   Reqs pending : 0           

Database statistics:

         Pivots : 548 total, 544 done (99.27%)    
    In progress : 0 pending, 0 init, 0 attacks, 4 dict      
  Missing nodes : 2 spotted
     Node types : 1 serv, 7 dir, 12 file, 520 pinfo, 2 unkn, 6 par, 0 vall
   Issues found : 13 info, 2 warn, 2 low, 0 medium, 3 high impact
      Dict size : 285 words (285 new), 4 extensions, 256 candidates
     Signatures : 77 total
        
[+] Copying static resources...
[+] Sorting and annotating crawl nodes: 548
[+] Looking for duplicate entries: 548
[+] Counting unique nodes: 30
[+] Saving pivot data for third-party tools...
[+] Writing scan description...
[+] Writing crawl tree: 548
[+] Generating summary views...
[+] Report saved to 'skipfish/index.html' [0x5cc6919f].
[+] This was a great day for science!


Web Output

Hasilnya bisa dilihat di web

file:///outoutdirectory/index.html

Contoh:

Screenshot from 2018-06-05 17-28-40.png

atau lebih detail

Screenshot from 2018-06-05 17-31-17.png